Sync.exe

WinThruster

Installer Wizard

The application Sync.exe, “WinThruster synchronization tool” by Installer Wizard, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. This file is typically installed with the program WinThruster by Solvusoft Corporation. While running, it connects to the Internet address web30.cluster.spamfighter.com on port 80 using the HTTP protocol.
Publisher:
Solvusoft Corporation  (signed by Installer Wizard)

Product:
WinThruster

Description:
WinThruster synchronization tool

Version:
2.3.125.113

MD5:
10b08d67ef609f82db9e28bf13dea2af

SHA-1:
f677b79378a1372c236367d4e9637f072e3f5bda

SHA-256:
d5ecab477967647b95108f52a301e63d4b589b0e50f802239920d350400f9407

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/20/2024 3:12:38 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Solvusoft.Installer.Meta (L)

Engine version:
15.10.4.23

File size:
432.4 KB (442,816 bytes)

Product version:
2.3.125.113

Copyright:
(c) Solvusoft Corporation. All rights reserved.

Original file name:
Sync.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\solvusoft\winthruster\sync.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/27/2013 10:00:00 AM

Valid to:
8/27/2016 9:59:59 AM

Subject:
CN=Installer Wizard, O=Installer Wizard, STREET=848 N. Rainbow Blvd., STREET="#3321", L=Las Vegas, S=NV, PostalCode=89107, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00936840633163DBE99483CEE1F9B95E45

File PE Metadata
Compilation timestamp:
10/30/2014 4:53:12 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:sGF+APg60Dgp/XePv+pq4nojwpe00kMG86Ijg:BrXePvs/nojwfxjrIjg

Entry address:
0x2CBA0

Entry point:
48, 83, EC, 28, E8, 6F, 56, 00, 00, 48, 83, C4, 28, E9, 1A, FE, FF, FF, CC, CC, 48, 89, 0D, 25, A0, 03, 00, C3, 40, 53, 48, 81, EC, E0, 05, 00, 00, 83, 64, 24, 70, 00, 48, 8D, 4C, 24, 74, 33, D2, 41, B8, 94, 00, 00, 00, E8, 64, 29, 00, 00, 4C, 8D, 5C, 24, 70, 48, 8D, 84, 24, 10, 01, 00, 00, 48, 8D, 8C, 24, 10, 01, 00, 00, 4C, 89, 5C, 24, 48, 48, 89, 44, 24, 50, FF, 15, AF, D5, 01, 00, 48, 8B, 9C, 24, 08, 02, 00, 00, 48, 8D, 54, 24, 40, 48, 8B, CB, 45, 33, C0, E8, 87, 3B, 01, 00, 48, 85, C0, 74, 3B, 48, 83...
 

Entropy:
6.1013

Code size:
290.5 KB (297,472 bytes)

Scheduled Task
Task name:
WinThruster64-Bob-Notification

Trigger:
Daily (Runs daily at 10:13 PM)


The file Sync.exe has been discovered within the following program.

WinThruster  by Solvusoft Corporation
Publisher's description - “WinThruster detects and repairs hundreds of PC errors, optimizes performance settings, and speeds up your PC. It repairs PC problems, decrease program load time, removes PC clutter, extends your computer's life, and restores system performance.”
solvusoft.com
40% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to web30.cluster.spamfighter.com  (91.192.52.205:80)

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)

TCP (HTTP):
Connects to intern2.spamfighter.com  (193.9.159.233:80)

TCP (HTTP):
Connects to a88-221-254-195.deploy.akamaitechnologies.com  (88.221.254.195:80)
